Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
2
Replies

Easy VPN ASA-5505 to ASA-5520 strange issue.

aheibert
Level 1
Level 1

‎04-18-2018 08:34 AM - edited ‎03-12-2019 05:12 AM

Our business has about 30 branch locations which are all using Cisco ASA-5505's which connect back to our Corporate ASA-5520. We pass ALL traffic over the VPN tunnel to Corporate.

On corporate end (ASA-5520) we have a object-group created which we can add hosts to which has unrestricted internet access.

object-group network Unrestricted_Access
  description Unrestricted_Access_Group
   network-object host 192.168.100.80

 

When we add hosts to this group within the corporate office it works and they get unrestricted internet access. When we add a host from one of the remote Easy VPN ASA-5505's it doesn't work.

  network-object host 192.168.219.80 (remote IP from one of the Easy VPN branches)

What am I missing ?

On the corporate ASA-5520 the remote branches are defined by object-group as well

object-group network Remote_Branch_219
  description Remote_Branch_219
   network-object 192.168.219.0 255.255.255.0

I have tried added the remote branch defined group to the unrestricted group on the corporate 5520 and that doesn't work either.

 

Labels:
0 Helpful
2 Replies 2

aheibert
Level 1
Level 1

‎04-18-2018 08:35 AM

For what it is worth, the remote ASA-5505's are functioning in Network Extension Mode for Easy VPN. NOT Client Mode.

0 Helpful

Florin Barhala
Level 6
Level 6

‎04-19-2018 12:14 AM

First of all share all related config to the object-group network Unrestricted_Access.
0 Helpful
Customers Also Viewed These Support Documents